An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | Sept. 7, 2022

NSA Releases Future Quantum-Resistant (QR) Algorithm Requirements for National Security Systems

The National Security Agency (NSA) released the “Commercial National Security Algorithm Suite 2.0” (CNSA 2.0) Cybersecurity Advisory (CSA) today to notify National Security Systems (NSS) owners, operators and vendors of the future quantum-resistant (QR) algorithms requirements for NSS — networks that contain classified information or are otherwise critical to military and intelligence activities.

A cryptanalytically-relevant quantum computer (CRQC) would have the potential to break public-key systems (sometimes referred to as asymmetric cryptography) that are used today. Given foreign pursuits in quantum computing, now is the time to plan, prepare and budget for a transition to QR algorithms to assure sustained protection of NSS and related assets in the event a CRQC becomes an achievable reality.

“This transition to quantum-resistant technology in our most critical systems will require collaboration between government, National Security System owners and operators, and industry,” said Rob Joyce, Director of NSA Cybersecurity. “Our hope is that sharing these requirements now will help efficiently operationalize these requirements when the time comes.”

The Director of NSA is the National Manager for NSS and therefore issues guidance for NSS. The algorithms in CNSA 2.0 are an update to those in the currently required Commercial National Security Algorithm Suite (now referred to as CNSA 1.0) listed in CNSSP 15, Annex B (released in 2016). The CNSA 2.0 algorithms have been analyzed as secure against both classical and quantum computers, and they will eventually be required for NSS.

NSA’s CNSA 2.0 algorithm selections were based on the National Institute of Standards and Technology’s (NIST) recently announced selections for standardization for quantum-resistant cryptography, but there are neither final standards nor FIPS-validated implementations available yet.

NSA urges NSS owners and operators to pay attention to NIST selections and to the future requirements outlined in CNSA 2.0, while CNSA 1.0 compliance continues to be required in the interim.

“We want people to take note of these requirements to plan and budget for the expected transition, but we don’t want to get ahead of the standards process,” said Joyce.

NSS owners and operators should not deploy QR algorithms on mission networks until they have been vetted by NIST and National Information Assurance Partnership (NIAP) as required in CNSSP-11. There will be a transition period, and NSA will be transparent about NSS transition requirements.

For additional information, the CNSA 2.0 CSA is accompanied by a cybersecurity information sheet (CSI), “The Commercial National Security Algorithm Suite 2.0 and Quantum Computing FAQ.” This CSI provides updated answers to quantum-related FAQs that were previously published on NSA’s website.

Review the advisory here.

Review the FAQ here.

Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations